@opengis/fastify-table 2.3.5 → 2.4.0
- package/dist/errors.d.ts +38 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +10 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +30 -9
- package/dist/server/plugins/access/funcs/getAdminAccess.d.ts +1 -4
- package/dist/server/plugins/access/funcs/getAdminAccess.d.ts.map +1 -1
- package/dist/server/plugins/access/funcs/getAdminAccess.js +3 -2
- package/dist/server/plugins/auth/funcs/getQuery.d.ts.map +1 -1
- package/dist/server/plugins/auth/funcs/getQuery.js +2 -1
- package/dist/server/plugins/auth/funcs/loginFile.d.ts +1 -4
- package/dist/server/plugins/auth/funcs/loginFile.d.ts.map +1 -1
- package/dist/server/plugins/auth/funcs/loginFile.js +10 -5
- package/dist/server/plugins/auth/funcs/loginUser.d.ts.map +1 -1
- package/dist/server/plugins/auth/funcs/loginUser.js +25 -18
- package/dist/server/plugins/auth/index.d.ts.map +1 -1
- package/dist/server/plugins/auth/index.js +3 -4
- package/dist/server/plugins/crud/funcs/dataInsert.js +1 -1
- package/dist/server/plugins/extra/extraData.d.ts.map +1 -1
- package/dist/server/plugins/extra/extraData.js +3 -2
- package/dist/server/plugins/extra/extraDataGet.d.ts +1 -4
- package/dist/server/plugins/extra/extraDataGet.d.ts.map +1 -1
- package/dist/server/plugins/extra/extraDataGet.js +4 -6
- package/dist/server/plugins/file/uploadMultiPart.js +1 -1
- package/dist/server/plugins/grpc/utils/html2doc.d.ts +0 -6
- package/dist/server/plugins/grpc/utils/html2doc.d.ts.map +1 -1
- package/dist/server/plugins/grpc/utils/html2doc.js +3 -8
- package/dist/server/plugins/grpc/utils/html2img.d.ts +0 -6
- package/dist/server/plugins/grpc/utils/html2img.d.ts.map +1 -1
- package/dist/server/plugins/grpc/utils/html2img.js +3 -8
- package/dist/server/plugins/grpc/utils/html2pdf.d.ts +0 -6
- package/dist/server/plugins/grpc/utils/html2pdf.d.ts.map +1 -1
- package/dist/server/plugins/grpc/utils/html2pdf.js +7 -12
- package/dist/server/plugins/grpc/utils/mergePdf.d.ts +0 -7
- package/dist/server/plugins/grpc/utils/mergePdf.d.ts.map +1 -1
- package/dist/server/plugins/grpc/utils/mergePdf.js +4 -9
- package/dist/server/plugins/logger/checkUserAccess.d.ts +1 -4
- package/dist/server/plugins/logger/checkUserAccess.d.ts.map +1 -1
- package/dist/server/plugins/logger/checkUserAccess.js +4 -6
- package/dist/server/plugins/logger/errorMessage.d.ts +1 -1
- package/dist/server/plugins/logger/errorMessage.d.ts.map +1 -1
- package/dist/server/plugins/logger/errorMessage.js +7 -8
- package/dist/server/plugins/logger/errorStatus.d.ts.map +1 -1
- package/dist/server/plugins/logger/errorStatus.js +6 -0
- package/dist/server/plugins/logger/index.d.ts +2 -2
- package/dist/server/plugins/logger/index.d.ts.map +1 -1
- package/dist/server/plugins/logger/index.js +16 -18
- package/dist/server/plugins/pg/funcs/getMeta.d.ts.map +1 -1
- package/dist/server/plugins/pg/funcs/getMeta.js +5 -3
- package/dist/server/plugins/policy/funcs/checkJWT.d.ts +0 -9
- package/dist/server/plugins/policy/funcs/checkJWT.d.ts.map +1 -1
- package/dist/server/plugins/policy/funcs/checkJWT.js +6 -5
- package/dist/server/plugins/policy/funcs/checkPermissions.d.ts +1 -4
- package/dist/server/plugins/policy/funcs/checkPermissions.d.ts.map +1 -1
- package/dist/server/plugins/policy/funcs/checkPermissions.js +2 -1
- package/dist/server/plugins/policy/funcs/checkPolicy.d.ts +1 -4
- package/dist/server/plugins/policy/funcs/checkPolicy.d.ts.map +1 -1
- package/dist/server/plugins/policy/funcs/checkPolicy.js +8 -7
- package/dist/server/plugins/policy/index.d.ts.map +1 -1
- package/dist/server/plugins/policy/index.js +2 -11
- package/dist/server/plugins/table/funcs/getFilterSQL/index.d.ts +1 -15
- package/dist/server/plugins/table/funcs/getFilterSQL/index.d.ts.map +1 -1
- package/dist/server/plugins/table/funcs/getFilterSQL/index.js +6 -4
- package/dist/server/plugins/table/funcs/gisIRColumn.d.ts +0 -22
- package/dist/server/plugins/table/funcs/gisIRColumn.d.ts.map +1 -1
- package/dist/server/plugins/table/funcs/gisIRColumn.js +5 -3
- package/dist/server/plugins/upload/index.d.ts.map +1 -1
- package/dist/server/plugins/upload/index.js +7 -0
- package/dist/server/plugins/upload/s3.d.ts +7 -1
- package/dist/server/plugins/upload/s3.d.ts.map +1 -1
- package/dist/server/plugins/upload/s3.js +54 -10
- package/dist/server/plugins/upload/s3minio.d.ts +59 -0
- package/dist/server/plugins/upload/s3minio.d.ts.map +1 -0
- package/dist/server/plugins/upload/s3minio.js +199 -0
- package/dist/server/plugins/upload/startUpload.d.ts.map +1 -1
- package/dist/server/plugins/upload/startUpload.js +16 -8
- package/dist/server/plugins/upload/uploadChunk.d.ts.map +1 -1
- package/dist/server/plugins/upload/uploadChunk.js +14 -9
- package/dist/server/plugins/usercls/index.js +1 -1
- package/dist/server/routes/access/controllers/access.group.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.group.js +3 -5
- package/dist/server/routes/access/controllers/access.group.post.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.group.post.js +3 -5
- package/dist/server/routes/access/controllers/access.interface.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.interface.js +1 -4
- package/dist/server/routes/access/controllers/access.user.d.ts +5 -1
- package/dist/server/routes/access/controllers/access.user.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.user.js +4 -5
- package/dist/server/routes/access/controllers/access.user.post.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.user.post.js +4 -5
- package/dist/server/routes/access/index.d.ts.map +1 -1
- package/dist/server/routes/access/index.js +10 -6
- package/dist/server/routes/auth/controllers/2factor/providers/totp.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/providers/totp.js +4 -3
- package/dist/server/routes/auth/controllers/2factor/qrcode.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/qrcode.js +6 -10
- package/dist/server/routes/auth/controllers/2factor/recovery.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/recovery.js +14 -23
- package/dist/server/routes/auth/controllers/2factor/reset.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/reset.js +3 -5
- package/dist/server/routes/auth/controllers/2factor/verify.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/verify.js +30 -43
- package/dist/server/routes/auth/controllers/core/login.d.ts +1 -4
- package/dist/server/routes/auth/controllers/core/login.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/core/passwordRecovery.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/core/passwordRecovery.js +7 -8
- package/dist/server/routes/auth/controllers/core/registration.d.ts +1 -4
- package/dist/server/routes/auth/controllers/core/registration.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/core/registration.js +10 -24
- package/dist/server/routes/auth/controllers/core/updateUserInfo.d.ts +1 -2
- package/dist/server/routes/auth/controllers/core/updateUserInfo.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/core/updateUserInfo.js +3 -2
- package/dist/server/routes/auth/controllers/euSign/authByData.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/euSign/authByData.js +4 -7
- package/dist/server/routes/auth/controllers/jwt/authorize.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/jwt/authorize.js +6 -9
- package/dist/server/routes/auth/controllers/jwt/token.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/jwt/token.js +9 -12
- package/dist/server/routes/auth/controllers/page/login2faTemplate.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/page/login2faTemplate.js +3 -2
- package/dist/server/routes/auth/index.d.ts +1 -2
- package/dist/server/routes/auth/index.d.ts.map +1 -1
- package/dist/server/routes/auth/index.js +4 -3
- package/dist/server/routes/cron/controllers/cronApi.d.ts.map +1 -1
- package/dist/server/routes/cron/controllers/cronApi.js +3 -4
- package/dist/server/routes/cron/index.js +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.js +11 -33
- package/dist/server/routes/crud/controllers/insert.d.ts +1 -1
- package/dist/server/routes/crud/controllers/insert.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/insert.js +17 -31
- package/dist/server/routes/crud/controllers/table.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/table.js +14 -18
- package/dist/server/routes/crud/controllers/update.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/update.js +16 -28
- package/dist/server/routes/crud/index.d.ts.map +1 -1
- package/dist/server/routes/crud/index.js +14 -4
- package/dist/server/routes/dblist/controllers/setItem.d.ts +0 -6
- package/dist/server/routes/dblist/controllers/setItem.d.ts.map +1 -1
- package/dist/server/routes/dblist/controllers/setItem.js +3 -2
- package/dist/server/routes/dblist/index.d.ts.map +1 -1
- package/dist/server/routes/dblist/index.js +5 -3
- package/dist/server/routes/file/controllers/delete.d.ts +4 -1
- package/dist/server/routes/file/controllers/delete.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/delete.js +8 -8
- package/dist/server/routes/file/controllers/download.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/download.js +5 -8
- package/dist/server/routes/file/controllers/export.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/export.js +8 -8
- package/dist/server/routes/file/controllers/files.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/files.js +6 -8
- package/dist/server/routes/file/controllers/resize.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/resize.js +4 -12
- package/dist/server/routes/file/index.d.ts.map +1 -1
- package/dist/server/routes/file/index.js +10 -7
- package/dist/server/routes/grpc/controllers/file2geojson.d.ts.map +1 -1
- package/dist/server/routes/grpc/controllers/file2geojson.js +7 -7
- package/dist/server/routes/grpc/controllers/filePreview.d.ts.map +1 -1
- package/dist/server/routes/grpc/controllers/filePreview.js +5 -4
- package/dist/server/routes/grpc/index.d.ts.map +1 -1
- package/dist/server/routes/grpc/index.js +3 -2
- package/dist/server/routes/logger/controllers/logger.file.d.ts +1 -1
- package/dist/server/routes/logger/controllers/logger.file.d.ts.map +1 -1
- package/dist/server/routes/logger/controllers/logger.file.js +4 -5
- package/dist/server/routes/logger/controllers/logger.metrics.d.ts.map +1 -1
- package/dist/server/routes/logger/controllers/logger.metrics.js +1 -4
- package/dist/server/routes/logger/index.d.ts.map +1 -1
- package/dist/server/routes/logger/index.js +4 -2
- package/dist/server/routes/menu/controllers/getMenu.d.ts.map +1 -1
- package/dist/server/routes/menu/controllers/getMenu.js +2 -1
- package/dist/server/routes/menu/index.d.ts.map +1 -1
- package/dist/server/routes/menu/index.js +9 -2
- package/dist/server/routes/notifications/controllers/addUserNotification.d.ts +1 -2
- package/dist/server/routes/notifications/controllers/addUserNotification.d.ts.map +1 -1
- package/dist/server/routes/notifications/controllers/addUserNotification.js +5 -6
- package/dist/server/routes/notifications/controllers/deleteUserNotification.d.ts +1 -2
- package/dist/server/routes/notifications/controllers/deleteUserNotification.d.ts.map +1 -1
- package/dist/server/routes/notifications/controllers/deleteUserNotification.js +5 -6
- package/dist/server/routes/notifications/controllers/editUserNotification.d.ts +1 -2
- package/dist/server/routes/notifications/controllers/editUserNotification.d.ts.map +1 -1
- package/dist/server/routes/notifications/controllers/editUserNotification.js +6 -9
- package/dist/server/routes/notifications/controllers/readNotifications.d.ts +4 -2
- package/dist/server/routes/notifications/controllers/readNotifications.d.ts.map +1 -1
- package/dist/server/routes/notifications/controllers/readNotifications.js +4 -3
- package/dist/server/routes/notifications/controllers/userNotifications.d.ts +5 -2
- package/dist/server/routes/notifications/controllers/userNotifications.d.ts.map +1 -1
- package/dist/server/routes/notifications/controllers/userNotifications.js +4 -5
- package/dist/server/routes/notifications/index.d.ts +1 -2
- package/dist/server/routes/notifications/index.d.ts.map +1 -1
- package/dist/server/routes/notifications/index.js +3 -1
- package/dist/server/routes/properties/controllers/properties.get.d.ts +5 -2
- package/dist/server/routes/properties/controllers/properties.get.d.ts.map +1 -1
- package/dist/server/routes/properties/controllers/properties.get.js +6 -5
- package/dist/server/routes/properties/controllers/properties.post.d.ts +1 -1
- package/dist/server/routes/properties/controllers/properties.post.d.ts.map +1 -1
- package/dist/server/routes/properties/controllers/properties.post.js +7 -6
- package/dist/server/routes/properties/index.d.ts.map +1 -1
- package/dist/server/routes/properties/index.js +4 -7
- package/dist/server/routes/table/controllers/card.d.ts +1 -1
- package/dist/server/routes/table/controllers/card.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/card.js +9 -7
- package/dist/server/routes/table/controllers/cardData.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/cardData.js +4 -6
- package/dist/server/routes/table/controllers/cardTabData.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/cardTabData.js +3 -2
- package/dist/server/routes/table/controllers/dataInfo.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/dataInfo.js +4 -3
- package/dist/server/routes/table/controllers/filter.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/filter.js +3 -2
- package/dist/server/routes/table/controllers/form.d.ts +1 -1
- package/dist/server/routes/table/controllers/form.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/form.js +7 -5
- package/dist/server/routes/table/controllers/getFormByTable.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/getFormByTable.js +12 -12
- package/dist/server/routes/table/controllers/suggest.d.ts +1 -1
- package/dist/server/routes/table/controllers/suggest.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/suggest.js +14 -29
- package/dist/server/routes/table/controllers/tableInfo.d.ts +1 -2
- package/dist/server/routes/table/controllers/tableInfo.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/tableInfo.js +9 -8
- package/dist/server/routes/table/controllers/tokenInfo.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/tokenInfo.js +2 -1
- package/dist/server/routes/table/functions/getData.d.ts.map +1 -1
- package/dist/server/routes/table/functions/getData.js +19 -25
- package/dist/server/routes/table/index.d.ts.map +1 -1
- package/dist/server/routes/table/index.js +15 -13
- package/dist/server/routes/templates/controllers/getTemplate.d.ts.map +1 -1
- package/dist/server/routes/templates/controllers/getTemplate.js +9 -5
- package/dist/server/routes/templates/index.d.ts.map +1 -1
- package/dist/server/routes/templates/index.js +2 -1
- package/dist/server/routes/upload/index.d.ts.map +1 -1
- package/dist/server/routes/upload/index.js +31 -20
- package/dist/server/routes/usercls/controllers/addUserCls.d.ts.map +1 -1
- package/dist/server/routes/usercls/controllers/addUserCls.js +2 -1
- package/dist/server/routes/usercls/controllers/deleteUserCls.d.ts.map +1 -1
- package/dist/server/routes/usercls/controllers/deleteUserCls.js +2 -1
- package/dist/server/routes/usercls/controllers/editUserCls.d.ts.map +1 -1
- package/dist/server/routes/usercls/controllers/editUserCls.js +2 -1
- package/dist/server/routes/usercls/controllers/getUserCls.d.ts +1 -1
- package/dist/server/routes/usercls/controllers/getUserCls.d.ts.map +1 -1
- package/dist/server/routes/usercls/controllers/getUserCls.js +4 -3
- package/dist/server/routes/usercls/index.d.ts.map +1 -1
- package/dist/server/routes/usercls/index.js +12 -5
- package/dist/server/routes/util/controllers/api.list.d.ts +19 -0
- package/dist/server/routes/util/controllers/api.list.d.ts.map +1 -0
- package/dist/server/routes/util/controllers/api.list.js +58 -0
- package/dist/server/routes/util/controllers/code.generator.d.ts.map +1 -1
- package/dist/server/routes/util/controllers/code.generator.js +7 -6
- package/dist/server/routes/util/controllers/user.tokens.d.ts +1 -2
- package/dist/server/routes/util/controllers/user.tokens.d.ts.map +1 -1
- package/dist/server/routes/util/controllers/user.tokens.js +6 -5
- package/dist/server/routes/util/index.d.ts.map +1 -1
- package/dist/server/routes/util/index.js +8 -7
- package/dist/server/routes/widget/controllers/file.edit.d.ts.map +1 -1
- package/dist/server/routes/widget/controllers/file.edit.js +5 -4
- package/dist/server/routes/widget/controllers/widget.del.d.ts.map +1 -1
- package/dist/server/routes/widget/controllers/widget.del.js +6 -7
- package/dist/server/routes/widget/controllers/widget.get.d.ts.map +1 -1
- package/dist/server/routes/widget/controllers/widget.get.js +4 -3
- package/dist/server/routes/widget/controllers/widget.set.d.ts.map +1 -1
- package/dist/server/routes/widget/controllers/widget.set.js +5 -4
- package/dist/server/routes/widget/index.d.ts.map +1 -1
- package/dist/server/routes/widget/index.js +3 -2
- package/package.json +3 -1
- package/dist/module/core/cls/constraint_type.json +0 -14
- package/dist/module/core/cls/constraint_type_table.json +0 -18
- package/dist/server/migrations/oauth.sql.sql +0 -77
- package/dist/server/plugins/auth/funcs/getUserPermissions.d.ts +0 -2
- package/dist/server/plugins/auth/funcs/getUserPermissions.d.ts.map +0 -1
- package/dist/server/plugins/auth/funcs/getUserPermissions.js +0 -24
- package/dist/server/plugins/auth/onRequest.d.ts +0 -4
- package/dist/server/plugins/auth/onRequest.d.ts.map +0 -1
- package/dist/server/plugins/auth/onRequest.js +0 -104
- package/dist/server/plugins/migration/index.d.ts +0 -3
- package/dist/server/plugins/migration/index.d.ts.map +0 -1
- package/dist/server/plugins/migration/index.js +0 -5
- package/dist/server/plugins/policy/funcs/checkAuth.d.ts +0 -4
- package/dist/server/plugins/policy/funcs/checkAuth.d.ts.map +0 -1
- package/dist/server/plugins/policy/funcs/checkAuth.js +0 -104
- package/dist/server/routes/access/controllers/access.resources.d.ts +0 -6
- package/dist/server/routes/access/controllers/access.resources.d.ts.map +0 -1
- package/dist/server/routes/access/controllers/access.resources.js +0 -14
- package/dist/server/routes/access/controllers/resources.d.ts +0 -11
- package/dist/server/routes/access/controllers/resources.d.ts.map +0 -1
- package/dist/server/routes/access/controllers/resources.js +0 -14
- package/dist/server/routes/access/functions/resources.d.ts +0 -6
- package/dist/server/routes/access/functions/resources.d.ts.map +0 -1
- package/dist/server/routes/access/functions/resources.js +0 -11
- package/dist/server/types/errors.d.ts +0 -14
- package/dist/server/types/errors.d.ts.map +0 -1
- package/dist/server/types/errors.js +0 -4
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import pgClients from "../../../../plugins/pg/pgClients.js";
|
|
2
2
|
import authorizeUser from "../../../../plugins/auth/funcs/authorizeUser.js";
|
|
3
3
|
import checkJWT from "../../../../plugins/policy/funcs/checkJWT.js";
|
|
4
|
+
import { BadRequestError, NotFoundError, UnauthorizedError, } from "../../../../../errors.js";
|
|
4
5
|
const expireMsec = 1000 * 60 * 60;
|
|
5
6
|
const getIp = (req) => (req.headers?.["x-real-ip"] ||
|
|
6
7
|
req.headers?.["x-forwarded-for"] ||
|
|
@@ -15,24 +16,20 @@ export default async function oauthToken(req, reply) {
|
|
|
15
16
|
const payload = req.method === "POST" ? body : query;
|
|
16
17
|
const { grant_type, client_id, code, redirect_uri, code_verifier } = payload;
|
|
17
18
|
if (grant_type !== "authorization_code") {
|
|
18
|
-
|
|
19
|
+
throw BadRequestError("unsupported grant_type");
|
|
19
20
|
}
|
|
20
21
|
if (!client_id) {
|
|
21
|
-
|
|
22
|
-
.code(400)
|
|
23
|
-
.send({ error: "not enough params: client_id", code: 400 });
|
|
22
|
+
throw BadRequestError("not enough params: client_id");
|
|
24
23
|
}
|
|
25
24
|
if (!code) {
|
|
26
|
-
|
|
27
|
-
.code(400)
|
|
28
|
-
.send({ error: "not enough params: code", code: 400 });
|
|
25
|
+
throw BadRequestError("not enough params: code");
|
|
29
26
|
}
|
|
30
|
-
const { valid, payload: jwtPayload, redirectURIs,
|
|
27
|
+
const { valid, payload: jwtPayload, redirectURIs, } = (await checkJWT(req)) || {};
|
|
31
28
|
if (!valid) {
|
|
32
|
-
|
|
29
|
+
throw UnauthorizedError("unauthorized");
|
|
33
30
|
}
|
|
34
31
|
if (redirect_uri && !(redirectURIs || []).includes(redirect_uri)) {
|
|
35
|
-
|
|
32
|
+
throw BadRequestError("invalid redirect_uri");
|
|
36
33
|
}
|
|
37
34
|
const user = pg.pk?.["admin.users"]
|
|
38
35
|
? await pg
|
|
@@ -42,7 +39,7 @@ export default async function oauthToken(req, reply) {
|
|
|
42
39
|
.then((el) => el.rows[0])
|
|
43
40
|
: null;
|
|
44
41
|
if (!user) {
|
|
45
|
-
|
|
42
|
+
throw NotFoundError("user not found");
|
|
46
43
|
}
|
|
47
44
|
const expire = Math.min(jwtPayload.expires - jwtPayload.created || expireMsec, expireMsec);
|
|
48
45
|
const href1 = await authorizeUser(user, req, "jwt", expire);
|
|
@@ -53,7 +50,7 @@ export default async function oauthToken(req, reply) {
|
|
|
53
50
|
if (req.method === "POST" ||
|
|
54
51
|
payload.noredirect ||
|
|
55
52
|
process.env.NODE_ENV === "test") {
|
|
56
|
-
return reply.
|
|
53
|
+
return reply.status(200).send("auth success");
|
|
57
54
|
}
|
|
58
55
|
return reply.redirect(href);
|
|
59
56
|
}
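Review bot: The redirect_uri allow-list check in oauthToken runs only when the parameter is supplied (`if (redirect_uri && !(redirectURIs || []).includes(redirect_uri))`), so a token request that omits redirect_uri skips the comparison. If the authorization request carried a redirect_uri, the token request should be required to repeat it and be compared against that value. One option is `if ((redirectURIs || []).length && !redirectURIs.includes(redirect_uri)) throw BadRequestError("invalid redirect_uri");`, to be confirmed against how `href` is built in the lines not shown. `code_verifier` is destructured from the payload but is not used in any visible line; if PKCE is verified elsewhere (perhaps inside checkJWT), a short comment saying so would help. Parts of the function lie between the hunks and are not visible here.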
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login2faTemplate.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/page/login2faTemplate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"login2faTemplate.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/page/login2faTemplate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAkC5D,wBAA8B,aAAa,CACzC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,kBA4EpB"}
|
|
@@ -7,6 +7,7 @@ import { handlebars } from "../../../../helpers/index.js";
|
|
|
7
7
|
import pgClients from "../../../../plugins/pg/pgClients.js";
|
|
8
8
|
import getTemplate from "../../../../plugins/table/funcs/getTemplate.js";
|
|
9
9
|
import { getSecret, generate } from "../2factor/providers/totp.js";
|
|
10
|
+
import { NotFoundError, UnauthorizedError } from "../../../../../errors.js";
|
|
10
11
|
// relative default template filepath
|
|
11
12
|
const filename = fileURLToPath(import.meta.url);
|
|
12
13
|
const dirname = path.dirname(filename);
|
|
@@ -21,7 +22,7 @@ export default async function loginTemplate(req, reply) {
|
|
|
21
22
|
const { pg = pgClients.client } = req;
|
|
22
23
|
const { uid } = req.user || {};
|
|
23
24
|
if (!uid) {
|
|
24
|
-
|
|
25
|
+
throw UnauthorizedError("unauthorized");
|
|
25
26
|
}
|
|
26
27
|
const userExists = pg?.pk?.["admin.users"]
|
|
27
28
|
? await pg
|
|
@@ -29,7 +30,7 @@ export default async function loginTemplate(req, reply) {
|
|
|
29
30
|
.then((el) => el.rows?.[0]?.uid)
|
|
30
31
|
: false;
|
|
31
32
|
if (!userExists && config.pg) {
|
|
32
|
-
|
|
33
|
+
throw NotFoundError("user not found");
|
|
33
34
|
}
|
|
34
35
|
const customBody = await getTemplate("page", "2factor");
|
|
35
36
|
const body = customBody || (await readFile(twoFactorPagePath, "utf8"));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/auth/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/auth/index.ts"],"names":[],"mappings":"AA+CA,iBAAS,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,QA4FtC;AAED,eAAe,MAAM,CAAC"}
|
|
@@ -20,7 +20,8 @@ import login2faTemplate from "./controllers/page/login2faTemplate.js";
|
|
|
20
20
|
import oauthAuthorize from "./controllers/jwt/authorize.js";
|
|
21
21
|
import oauthToken from "./controllers/jwt/token.js";
|
|
22
22
|
import qrCode from "./controllers/2factor/qrcode.js";
|
|
23
|
-
const
|
|
23
|
+
const tags = ["core", "auth"];
|
|
24
|
+
const params = { config: { policy: "L0", tags } };
|
|
24
25
|
const registrationSchema = {
|
|
25
26
|
body: {
|
|
26
27
|
type: "object",
|
|
@@ -64,14 +65,14 @@ function plugin(app, opt = {}) {
|
|
|
64
65
|
app.get("/2factor/recovery", params, recovery);
|
|
65
66
|
}
|
|
66
67
|
if (!app.hasRoute({ method: "GET", url: "/2factor/reset" })) {
|
|
67
|
-
app.get("/2factor/reset", { config: { role: "admin" } }, reset);
|
|
68
|
+
app.get("/2factor/reset", { config: { tags, role: "admin" } }, reset);
|
|
68
69
|
}
|
|
69
70
|
// get/edit user info
|
|
70
71
|
if (!app.hasRoute({ method: "GET", url: "/user" })) {
|
|
71
72
|
app.get("/user", params, getUserInfo);
|
|
72
73
|
}
|
|
73
74
|
if (!app.hasRoute({ method: "POST", url: "/user" })) {
|
|
74
|
-
app.post("/user", { config: { auth: "creds" } }, updateUserInfo);
|
|
75
|
+
app.post("/user", { config: { tags, auth: "creds" } }, updateUserInfo);
|
|
75
76
|
}
|
|
76
77
|
// jwt
|
|
77
78
|
if (!app.hasRoute({ method: "GET", url: "/oauth/authorize" })) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"AAGA,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAoBzD"}
|
|
@@ -1,17 +1,16 @@
|
|
|
1
|
+
import { ForbiddenError, NotFoundError } from "../../../../errors.js";
|
|
1
2
|
import cronList from "../../../plugins/cron/cronList.js";
|
|
2
3
|
export default async function cronApi(req, reply) {
|
|
3
4
|
const { params = {}, user = {}, hostname } = req;
|
|
4
5
|
if ((!user.uid || !user.user_type?.includes("admin")) &&
|
|
5
6
|
!hostname?.includes("local")) {
|
|
6
|
-
|
|
7
|
+
throw ForbiddenError("access restricted");
|
|
7
8
|
}
|
|
8
9
|
if (params.name === "list") {
|
|
9
10
|
return { data: Object.keys(cronList || {}) };
|
|
10
11
|
}
|
|
11
12
|
if (!cronList[params.name]) {
|
|
12
|
-
|
|
13
|
-
.status(404)
|
|
14
|
-
.send({ error: `cron not found: ${params.name}`, code: 404 });
|
|
13
|
+
throw NotFoundError(`cron not found: ${params.name}`);
|
|
15
14
|
}
|
|
16
15
|
const result = await cronList[params.name]?.(req, reply);
|
|
17
16
|
return result;
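Review bot: The admin check in cronApi is skipped whenever `hostname` contains the substring "local" (`!hostname?.includes("local")`), and in Fastify `req.hostname` is derived from the request's Host header, which the caller supplies. The controller should not treat that value as proof of a local request: drop the exemption or gate it on server-side configuration, leaving `if (!user.uid || !user.user_type?.includes("admin")) throw ForbiddenError("access restricted");`. The route-level `role: "admin"` config may already enforce this upstream, but that is not visible here. Separately, `cronList[params.name]` also resolves inherited keys, so `Object.hasOwn(cronList, params.name)` is the safer existence test unless cronSchema already constrains the name. The function's closing lines fall outside the hunk.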
|
|
@@ -8,6 +8,6 @@ const cronSchema = {
|
|
|
8
8
|
},
|
|
9
9
|
};
|
|
10
10
|
function plugin(app, opt = {}) {
|
|
11
|
-
app.get("/cron/:name", { config: { role: "admin" }, schema: cronSchema }, cronApi);
|
|
11
|
+
app.get("/cron/:name", { config: { role: "admin", tags: ["core", "cron"] }, schema: cronSchema }, cronApi);
|
|
12
12
|
}
|
|
13
13
|
export default plugin;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA6HrE"}
|
|
@@ -7,6 +7,7 @@ import getOpt from "../../../plugins/crud/funcs/getOpt.js";
|
|
|
7
7
|
import getTemplate from "../../../plugins/table/funcs/getTemplate.js";
|
|
8
8
|
import { resources } from "../../../plugins/access/funcs/getResources.js";
|
|
9
9
|
import dataDelete from "../../../plugins/crud/funcs/dataDelete.js";
|
|
10
|
+
import { BadRequestError, ForbiddenError } from "../../../../errors.js";
|
|
10
11
|
export default async function deleteCrud(req, reply) {
|
|
11
12
|
const { pg = pgClients.client, user = {}, params = {}, headers = {}, method, } = req || {};
|
|
12
13
|
const hookData = (await applyHook("preDelete", {
|
|
@@ -15,8 +16,9 @@ export default async function deleteCrud(req, reply) {
|
|
|
15
16
|
id: params?.id,
|
|
16
17
|
user,
|
|
17
18
|
}));
|
|
19
|
+
// hooks should throw custom errors instead, this is temp solution to avoid breaking changes in hooks
|
|
18
20
|
if (hookData?.message && hookData?.status) {
|
|
19
|
-
|
|
21
|
+
throw new Error(hookData.message);
|
|
20
22
|
}
|
|
21
23
|
const { referer } = headers;
|
|
22
24
|
const tokenData = (await getToken({
|
|
@@ -36,50 +38,32 @@ export default async function deleteCrud(req, reply) {
|
|
|
36
38
|
? req.params
|
|
37
39
|
: {});
|
|
38
40
|
if (actionsToken && !actionsToken?.includes("del")) {
|
|
39
|
-
|
|
40
|
-
error: "del is not allowed ",
|
|
41
|
-
code: 403,
|
|
42
|
-
});
|
|
41
|
+
throw ForbiddenError("del is not allowed ");
|
|
43
42
|
}
|
|
44
43
|
const { actions = [], message: accessMessage } = (await getAccess({ resource, table: del, id, user, method }, pg)) || {};
|
|
45
44
|
if (accessMessage) {
|
|
46
|
-
|
|
47
|
-
error: accessMessage,
|
|
48
|
-
code: 403,
|
|
49
|
-
});
|
|
45
|
+
throw ForbiddenError(accessMessage);
|
|
50
46
|
}
|
|
51
47
|
if (!resource &&
|
|
52
48
|
!tokenData &&
|
|
53
49
|
!config?.local &&
|
|
54
50
|
!config.security?.disableToken &&
|
|
55
51
|
!config.auth?.disable) {
|
|
56
|
-
|
|
57
|
-
error: "invalid token",
|
|
58
|
-
code: 403,
|
|
59
|
-
});
|
|
52
|
+
throw ForbiddenError("invalid token");
|
|
60
53
|
}
|
|
61
54
|
if (!actions.includes("del") &&
|
|
62
55
|
!config.security?.disableToken &&
|
|
63
56
|
!config?.local &&
|
|
64
57
|
!tokenData) {
|
|
65
|
-
|
|
66
|
-
error: "access restricted: actions",
|
|
67
|
-
code: 403,
|
|
68
|
-
});
|
|
58
|
+
throw ForbiddenError("access restricted: actions");
|
|
69
59
|
}
|
|
70
60
|
const loadTemplate = await getTemplate("table", del);
|
|
71
61
|
const { table } = loadTemplate || hookData || tokenData || req.params || {};
|
|
72
62
|
if (!table) {
|
|
73
|
-
|
|
74
|
-
error: "table is required",
|
|
75
|
-
code: 404,
|
|
76
|
-
});
|
|
63
|
+
throw BadRequestError("table is required");
|
|
77
64
|
}
|
|
78
65
|
if (!id) {
|
|
79
|
-
|
|
80
|
-
error: "id is required",
|
|
81
|
-
code: 404,
|
|
82
|
-
});
|
|
66
|
+
throw BadRequestError("id is required");
|
|
83
67
|
}
|
|
84
68
|
const data = await dataDelete({
|
|
85
69
|
pg,
|
|
@@ -93,17 +77,11 @@ export default async function deleteCrud(req, reply) {
|
|
|
93
77
|
if (err.message?.includes?.("foreign key") ||
|
|
94
78
|
err.message?.includes?.("unique")) {
|
|
95
79
|
const constraint = err.message.match(/constraint "([^"]+)"/g);
|
|
96
|
-
|
|
97
|
-
error: `Видалення заборонено для збереження цілісності БД: ${constraint}`,
|
|
98
|
-
code: 400,
|
|
99
|
-
});
|
|
80
|
+
throw BadRequestError(`Видалення заборонено для збереження цілісності БД: ${constraint}`);
|
|
100
81
|
}
|
|
101
82
|
if (config.trace)
|
|
102
83
|
console.error(err.toString());
|
|
103
|
-
|
|
104
|
-
error: err.toString(),
|
|
105
|
-
code: 400,
|
|
106
|
-
};
|
|
84
|
+
throw BadRequestError(err.toString());
|
|
107
85
|
});
|
|
108
86
|
return reply.status(200).send({
|
|
109
87
|
rowCount: data?.rowCount || 0,
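Review bot: The catch handler near the end of deleteCrud still returns raw database error text to the caller: `throw BadRequestError(err.toString())` and the constraint-name message both put schema details into the response body. Log the full error server-side unconditionally (the current `console.error` only runs when `config.trace` is set) and throw a fixed message such as `throw BadRequestError("delete failed");`. Separately, `throw new Error(hookData.message)` discards `hookData.status`, so a preDelete hook that denied with 403 presumably surfaces as a generic server error. Unlike the matching block in insert.js, there is also no `status >= 400` guard before throwing. The function continues past the last hunk.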
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAsB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,gBA8MjE"}
|
|
@@ -10,10 +10,11 @@ import getAccess from "../../../plugins/crud/funcs/getAccess.js";
|
|
|
10
10
|
import getToken from "../../../plugins/crud/funcs/getToken.js";
|
|
11
11
|
import getTemplate from "../../../plugins/table/funcs/getTemplate.js";
|
|
12
12
|
import { resources } from "../../../plugins/access/funcs/getResources.js";
|
|
13
|
+
import { BadRequestError, ConflictError, ForbiddenError, NotFoundError, } from "../../../../errors.js";
|
|
13
14
|
export default async function insert(req, reply) {
|
|
14
15
|
const { pg = pgClients.client, user = {}, params = {}, body = {}, headers = {}, method, } = req || {};
|
|
15
16
|
if (!user) {
|
|
16
|
-
|
|
17
|
+
throw ForbiddenError("access restricted");
|
|
17
18
|
}
|
|
18
19
|
const hookData = (await applyHook("preInsert", {
|
|
19
20
|
pg,
|
|
@@ -21,11 +22,12 @@ export default async function insert(req, reply) {
|
|
|
21
22
|
user,
|
|
22
23
|
body,
|
|
23
24
|
}));
|
|
25
|
+
// hooks should throw custom errors instead, this is temp solution to avoid breaking changes in hooks
|
|
24
26
|
if (hookData?.message && hookData?.status) {
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
return
|
|
27
|
+
if (hookData.status >= 400) {
|
|
28
|
+
throw new Error(hookData.message);
|
|
29
|
+
}
|
|
30
|
+
return hookData.message;
|
|
29
31
|
}
|
|
30
32
|
const { referer } = headers;
|
|
31
33
|
const tokenData = await getToken({
|
|
@@ -45,33 +47,28 @@ export default async function insert(req, reply) {
|
|
|
45
47
|
: {});
|
|
46
48
|
const { actions = [], message: accessMessage } = (await getAccess({ resource, table: add, form, user, method }, pg)) || {};
|
|
47
49
|
if (accessMessage) {
|
|
48
|
-
|
|
49
|
-
error: accessMessage,
|
|
50
|
-
code: 403,
|
|
51
|
-
});
|
|
50
|
+
throw ForbiddenError(accessMessage);
|
|
52
51
|
}
|
|
53
52
|
if (!resource &&
|
|
54
53
|
!tokenData &&
|
|
55
54
|
!config.local &&
|
|
56
55
|
!config.security?.disableToken &&
|
|
57
56
|
!config.auth?.disable) {
|
|
58
|
-
|
|
57
|
+
throw BadRequestError("invalid token");
|
|
59
58
|
}
|
|
60
59
|
if (!actions.includes("add") &&
|
|
61
60
|
!config.security?.disableToken &&
|
|
62
61
|
!config.local &&
|
|
63
62
|
!tokenData) {
|
|
64
|
-
|
|
65
|
-
.status(403)
|
|
66
|
-
.send({ error: "access restricted: actions", code: 403 });
|
|
63
|
+
throw ForbiddenError("access restricted: actions");
|
|
67
64
|
}
|
|
68
65
|
if (!add) {
|
|
69
|
-
|
|
66
|
+
throw BadRequestError("table is required");
|
|
70
67
|
}
|
|
71
68
|
const loadTemplate = await getTemplate("table", add);
|
|
72
69
|
const { table } = loadTemplate || hookData || tokenData || req.params || {};
|
|
73
70
|
if (!table) {
|
|
74
|
-
|
|
71
|
+
throw NotFoundError("table not found");
|
|
75
72
|
}
|
|
76
73
|
const formData = form || loadTemplate?.form
|
|
77
74
|
? (await getTemplate("form", form || loadTemplate?.form)) || {}
|
|
@@ -86,10 +83,7 @@ export default async function insert(req, reply) {
|
|
|
86
83
|
uid: user?.uid,
|
|
87
84
|
msg: xssCheck.error,
|
|
88
85
|
});
|
|
89
|
-
|
|
90
|
-
error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
|
|
91
|
-
code: 409,
|
|
92
|
-
});
|
|
86
|
+
throw ConflictError("Дані містять заборонені символи. Приберіть їх та спробуйте ще раз");
|
|
93
87
|
}
|
|
94
88
|
const fieldCheck = validateData({ body, schema });
|
|
95
89
|
if (fieldCheck.error) {
|
|
@@ -99,10 +93,7 @@ export default async function insert(req, reply) {
|
|
|
99
93
|
uid: user?.uid,
|
|
100
94
|
...fieldCheck,
|
|
101
95
|
});
|
|
102
|
-
|
|
103
|
-
error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
|
|
104
|
-
code: 409,
|
|
105
|
-
});
|
|
96
|
+
throw ConflictError("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
|
|
106
97
|
}
|
|
107
98
|
const sqlCheck = checkSQL({ body, schema });
|
|
108
99
|
if (sqlCheck.error) {
|
|
@@ -112,10 +103,7 @@ export default async function insert(req, reply) {
|
|
|
112
103
|
uid: user?.uid,
|
|
113
104
|
...sqlCheck,
|
|
114
105
|
});
|
|
115
|
-
|
|
116
|
-
error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
|
|
117
|
-
code: 409,
|
|
118
|
-
});
|
|
106
|
+
throw ConflictError("Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз");
|
|
119
107
|
}
|
|
120
108
|
if (![add, table].includes("admin.users")) {
|
|
121
109
|
Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
|
|
@@ -137,7 +125,7 @@ export default async function insert(req, reply) {
|
|
|
137
125
|
referer,
|
|
138
126
|
});
|
|
139
127
|
if (!res) {
|
|
140
|
-
|
|
128
|
+
throw BadRequestError("nothing added");
|
|
141
129
|
}
|
|
142
130
|
const pk = pg.pk?.[loadTemplate?.table || table];
|
|
143
131
|
const id = res[pk];
|
|
@@ -159,7 +147,5 @@ export default async function insert(req, reply) {
|
|
|
159
147
|
payload: res,
|
|
160
148
|
user,
|
|
161
149
|
});
|
|
162
|
-
return
|
|
163
|
-
.status(200)
|
|
164
|
-
.send({ id, rows: res.rows, extra: res.extra, ...(res || {}) });
|
|
150
|
+
return { id, rows: res.rows, extra: res.extra, ...(res || {}) };
|
|
165
151
|
}
|
|
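Review bot: The hook short-circuit added at new lines 26–31 drops `hookData.status`: a result with status >= 400 is rethrown as a plain `Error`, so a 403 or 404 chosen by a `preInsert` hook reaches the client only if the error handler (not visible here) maps it, and for lower statuses `return hookData.message` sends the message without the status the hook asked for. Carrying the status along keeps the hook's decision intact, e.g. `throw Object.assign(new Error(hookData.message), { statusCode: hookData.status });` and `return reply.status(hookData.status).send(hookData.message);`. The same block is added to tableAPI and update further down. Separately, the missing-token guard at new line 57 throws `BadRequestError("invalid token")` while deleteCrud, tableAPI and update throw `ForbiddenError` for the same condition. The `if (!user)` guard at new line 16 also cannot fire for an absent user, because the destructuring defaults `user = {}`.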
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAqB5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBA+PZ"}
|
|
@@ -8,6 +8,7 @@ import setToken from "../../../plugins/crud/funcs/setToken.js";
|
|
|
8
8
|
import getTemplate from "../../../plugins/table/funcs/getTemplate.js";
|
|
9
9
|
import extraDataGet from "../../../plugins/extra/extraDataGet.js";
|
|
10
10
|
import { resources } from "../../../plugins/access/funcs/getResources.js";
|
|
11
|
+
import { BadRequestError, ForbiddenError, NotFoundError, } from "../../../../errors.js";
|
|
11
12
|
export default async function tableAPI(req, reply, called) {
|
|
12
13
|
const { pg = pgClients.client, params, user = {}, query = {}, method } = req;
|
|
13
14
|
const tokenData = await getToken({
|
|
@@ -22,8 +23,12 @@ export default async function tableAPI(req, reply, called) {
|
|
|
22
23
|
...(tokenData || {}),
|
|
23
24
|
user,
|
|
24
25
|
}));
|
|
26
|
+
// hooks should throw custom errors instead, this is temp solution to avoid breaking changes in hooks
|
|
25
27
|
if (hookData?.message && hookData?.status) {
|
|
26
|
-
|
|
28
|
+
if (hookData.status >= 400) {
|
|
29
|
+
throw new Error(hookData.message);
|
|
30
|
+
}
|
|
31
|
+
return hookData.message;
|
|
27
32
|
}
|
|
28
33
|
const resource = resources[hookData?.resource || tokenData?.resource || params.table]
|
|
29
34
|
? tokenData?.resource || params.table
|
|
@@ -36,17 +41,17 @@ export default async function tableAPI(req, reply, called) {
|
|
|
36
41
|
if (!loadTable &&
|
|
37
42
|
!pg.pk?.[tokenData?.table] &&
|
|
38
43
|
!(pg.pk?.[templateName] && called)) {
|
|
39
|
-
|
|
44
|
+
throw NotFoundError("table not found");
|
|
40
45
|
}
|
|
41
46
|
const { table: table1 = params.table, form: form1, obj, } = hookData || loadTable || tokenData || {};
|
|
42
47
|
const table = loadTable?.table || table1;
|
|
43
48
|
const form = loadTable?.form || form1;
|
|
44
49
|
const id = hookData?.id || tokenData?.id || params.id;
|
|
45
50
|
if (tokenData && !id) {
|
|
46
|
-
|
|
51
|
+
throw ForbiddenError("invalid token");
|
|
47
52
|
}
|
|
48
53
|
if (!table && !id) {
|
|
49
|
-
|
|
54
|
+
throw BadRequestError("not enough params: table && id");
|
|
50
55
|
}
|
|
51
56
|
const { actions = [], query: accessQuery, message: accessMessage, } = (await getAccess({
|
|
52
57
|
resource,
|
|
@@ -57,35 +62,28 @@ export default async function tableAPI(req, reply, called) {
|
|
|
57
62
|
method,
|
|
58
63
|
}, pg)) || {};
|
|
59
64
|
if (accessMessage) {
|
|
60
|
-
|
|
61
|
-
error: accessMessage,
|
|
62
|
-
code: 403,
|
|
63
|
-
});
|
|
65
|
+
throw ForbiddenError(accessMessage);
|
|
64
66
|
}
|
|
65
67
|
if (!resource &&
|
|
66
68
|
!tokenData &&
|
|
67
69
|
!config?.local &&
|
|
68
70
|
!config.security?.disableToken &&
|
|
69
71
|
!called) {
|
|
70
|
-
|
|
72
|
+
throw ForbiddenError("invalid token");
|
|
71
73
|
}
|
|
72
74
|
if (!actions.includes("edit") &&
|
|
73
75
|
!config?.local &&
|
|
74
76
|
!config.security?.disableToken &&
|
|
75
77
|
!tokenData &&
|
|
76
78
|
!called) {
|
|
77
|
-
|
|
78
|
-
.status(403)
|
|
79
|
-
.send({ error: "access restricted: actions", code: 403 });
|
|
79
|
+
throw ForbiddenError("access restricted: actions");
|
|
80
80
|
}
|
|
81
81
|
const { pk, columns: dbColumns = [] } = await getMeta({
|
|
82
82
|
pg,
|
|
83
83
|
table,
|
|
84
84
|
});
|
|
85
85
|
if (!pk) {
|
|
86
|
-
|
|
87
|
-
.status(404)
|
|
88
|
-
.send({ error: `table not found: ${table}`, code: 404 });
|
|
86
|
+
throw NotFoundError(`table not found: ${table}`);
|
|
89
87
|
}
|
|
90
88
|
// const cols = columns.map((el) => el.name || el).join(',');
|
|
91
89
|
const formData = (await getTemplate("form", form)) || {};
|
|
@@ -141,9 +139,7 @@ export default async function tableAPI(req, reply, called) {
|
|
|
141
139
|
.query(q.replace(/{{uid}}/, user?.uid), [id])
|
|
142
140
|
.then((el) => el.rows[0]);
|
|
143
141
|
if (!data) {
|
|
144
|
-
|
|
145
|
-
.status(404)
|
|
146
|
-
.send({ error: `object not found: ${id}`, code: 404 });
|
|
142
|
+
throw NotFoundError(`object not found: ${id}`);
|
|
147
143
|
}
|
|
148
144
|
Object.keys(schema)
|
|
149
145
|
.filter((key) => schema[key]?.type === "DataTable")
|
|
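Review bot: In the context line `.query(q.replace(/{{uid}}/, user?.uid), [id])` (new line 139) the user id is substituted into the SQL text instead of being bound like `id`. With `user = {}` as the destructuring default, a request without a user substitutes the literal string `undefined`. The pattern has no `g` flag, so only the first `{{uid}}` in `q` is replaced. If the placeholder can be turned into a bind parameter, passing the value in the array (`[id, user?.uid]` with `$2` in the query text) removes the interpolation. The code that builds `q` lies outside this hunk, so this needs checking against it.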
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAsBA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBA0MxD"}
|
|
@@ -11,12 +11,13 @@ import getToken from "../../../plugins/crud/funcs/getToken.js";
|
|
|
11
11
|
import getTemplate from "../../../plugins/table/funcs/getTemplate.js";
|
|
12
12
|
import { resources } from "../../../plugins/access/funcs/getResources.js";
|
|
13
13
|
import insert from "./insert.js";
|
|
14
|
+
import { BadRequestError, ConflictError, ForbiddenError, UnauthorizedError, } from "../../../../errors.js";
|
|
14
15
|
export default async function update(req, reply) {
|
|
15
16
|
const { pg = pgClients.client, user, params = {}, body = {}, headers = {}, method, } = req;
|
|
16
17
|
const { referer } = headers;
|
|
17
18
|
const unittest = process.env.NODE_ENV === "test" || process.env.VITEST;
|
|
18
19
|
if (!user) {
|
|
19
|
-
|
|
20
|
+
throw UnauthorizedError("unauthorized");
|
|
20
21
|
}
|
|
21
22
|
const hookData = (await applyHook("preUpdate", {
|
|
22
23
|
pg,
|
|
@@ -24,11 +25,12 @@ export default async function update(req, reply) {
|
|
|
24
25
|
id: params?.id,
|
|
25
26
|
user,
|
|
26
27
|
}));
|
|
28
|
+
// hooks should throw custom errors instead, this is temp solution to avoid breaking changes in hooks
|
|
27
29
|
if (hookData?.message && hookData?.status) {
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
return
|
|
30
|
+
if (hookData.status >= 400) {
|
|
31
|
+
throw new Error(hookData.message);
|
|
32
|
+
}
|
|
33
|
+
return hookData.message;
|
|
32
34
|
}
|
|
33
35
|
const tokenData = await getToken({
|
|
34
36
|
uid: user.uid,
|
|
@@ -56,34 +58,29 @@ export default async function update(req, reply) {
|
|
|
56
58
|
method,
|
|
57
59
|
}, pg)) || {};
|
|
58
60
|
if (accessMessage) {
|
|
59
|
-
|
|
60
|
-
error: accessMessage,
|
|
61
|
-
code: 403,
|
|
62
|
-
});
|
|
61
|
+
throw ForbiddenError(accessMessage);
|
|
63
62
|
}
|
|
64
63
|
if (!resource &&
|
|
65
64
|
!tokenData &&
|
|
66
65
|
!config.local &&
|
|
67
66
|
!config.security?.disableToken &&
|
|
68
67
|
!config.auth?.disable) {
|
|
69
|
-
|
|
68
|
+
throw ForbiddenError("invalid token");
|
|
70
69
|
}
|
|
71
70
|
if (!actions.includes("edit") &&
|
|
72
71
|
!config.local &&
|
|
73
72
|
!config.security?.disableToken &&
|
|
74
73
|
!tokenData) {
|
|
75
|
-
|
|
76
|
-
.status(403)
|
|
77
|
-
.send({ error: "access restricted: actions", code: 403 });
|
|
74
|
+
throw ForbiddenError("access restricted: actions");
|
|
78
75
|
}
|
|
79
76
|
if (!edit) {
|
|
80
|
-
|
|
77
|
+
throw BadRequestError("table is required");
|
|
81
78
|
}
|
|
82
79
|
if (!id && tokenData?.table) {
|
|
83
80
|
return insert(req, reply);
|
|
84
81
|
}
|
|
85
82
|
if (!id) {
|
|
86
|
-
|
|
83
|
+
throw BadRequestError("id is required");
|
|
87
84
|
}
|
|
88
85
|
const loadTemplate = await getTemplate("table", edit);
|
|
89
86
|
const { table } = loadTemplate || hookData || tokenData || params || {};
|
|
@@ -103,10 +100,7 @@ export default async function update(req, reply) {
|
|
|
103
100
|
const xssCheck = checkXSS({ body, schema });
|
|
104
101
|
if (xssCheck.error && formData?.xssCheck !== false) {
|
|
105
102
|
logger.file("injection/xss", { msg: xssCheck.error, table }, req);
|
|
106
|
-
|
|
107
|
-
error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
|
|
108
|
-
code: 409,
|
|
109
|
-
});
|
|
103
|
+
throw ConflictError("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
|
|
110
104
|
}
|
|
111
105
|
const fieldCheck = validateData({ body, schema });
|
|
112
106
|
if (fieldCheck.error) {
|
|
@@ -116,10 +110,7 @@ export default async function update(req, reply) {
|
|
|
116
110
|
uid: user?.uid,
|
|
117
111
|
...fieldCheck,
|
|
118
112
|
});
|
|
119
|
-
|
|
120
|
-
error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
|
|
121
|
-
code: 409,
|
|
122
|
-
});
|
|
113
|
+
throw ConflictError("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
|
|
123
114
|
}
|
|
124
115
|
const sqlCheck = checkSQL({ body, schema });
|
|
125
116
|
if (sqlCheck.error) {
|
|
@@ -129,10 +120,7 @@ export default async function update(req, reply) {
|
|
|
129
120
|
uid: user?.uid,
|
|
130
121
|
...sqlCheck,
|
|
131
122
|
});
|
|
132
|
-
|
|
133
|
-
error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
|
|
134
|
-
code: 409,
|
|
135
|
-
});
|
|
123
|
+
throw ConflictError("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
|
|
136
124
|
}
|
|
137
125
|
if (tokenData?.obj) {
|
|
138
126
|
const objData = tokenData.obj?.split("#").reduce((p, el) => ({
|
|
@@ -158,5 +146,5 @@ export default async function update(req, reply) {
|
|
|
158
146
|
payload: res,
|
|
159
147
|
user,
|
|
160
148
|
});
|
|
161
|
-
return
|
|
149
|
+
return res;
|
|
162
150
|
}
|
|
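Review bot: The XSS and SQL rejections at new lines 103 and 123 now throw the field-validation text (`"Дані не пройшли валідацію. …"`), where the removed lines 107 and 133 carried their own messages. insert.js keeps the three messages distinct in the same change, so this looks like a copy-paste slip. Restoring `throw ConflictError("Дані містять заборонені символи. Приберіть їх та спробуйте ще раз");` for the XSS branch and the `sql` wording for the SQL branch keeps the client-visible reason in line with the `injection/xss` log entry written just above. As it stands, a client cannot tell an injection rejection from an ordinary validation failure.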
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/crud/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/crud/index.ts"],"names":[],"mappings":"AAkBA,iBAAS,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,QAiCtC;AAED,eAAe,MAAM,CAAC"}
|